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CLAIMS 

1. An apparatus for use in accessing online services over a communications 
network, the apparatus comprising: 

5 a store for storing profile data for use in relation to said online services; 

an interface for use by suppliers of online services to enable retrieval from and 
input to said store of profile data in respect of users; 
identity management means; and 

a profile access controller arranged to implement user-defined access controls in 
1 0 respect of a user's stored profile data, 

wherein said identity management means are triggerable to allocate or to cease a 
pseudo-identifier in respect of a user and a selected service provider and wherein, in use, 
said profile access controller restricts access by the selected service provider to stored 
profile data in respect of said user by means of said pseudo-identifier. 

15 

2. An apparatus according to Claim 1 further comprising^ monitoring means 
arranged with access to messages originating from a user and to recognise a 
predetermined type of information contained within said messages. 

20 3. An apparatus according to Claim 2, further comprising means responsive to a 
recognition by said monitoring means to replace information of said recognised type in a 
message originating from a user with pseudo-information generated by said identity 
management means in respect of said user. 

25 4. An apparatus according to Claim 2 or Claim 3, operable, on receipt of a request 
message from a user for access to a specified service provider, to generate an access 
request message, for sending to said specified service provider, containing an identifier 
for said user allocated by said identity management means. 

30 5. An apparatus according to Claim 4, wherein said allocated identifier for said user 
is a pseudo-identifier allocated by said identity management means. 

6. An apparatus according to any one of the preceding claims, further comprising a 
user interface operable to enable a user to update respective profile data stored in said 
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store and to define said access controls for implementation by said profile access 
controller. 

7. An apparatus according to any one of the preceding claims wherein said profile 
5 access controller is operable to recognise at least one predetermined invalid access 

condition with respect to stored profile data for a user and wherein the identity 
management means are responsive to said recognition by said profile access controller, 
and/or to a trigger signal from the user, to render a pseudo-identifier invalid for a 
respective service provider and hence to disable access by the respective service 
1 0 provider to profile data stored in respect of the user. 

8. An apparatus according to any one of the preceding claims, for use in the role of 
a proxy server disposed between a user and a service provider. 

15 9. An apparatus according to any one of the preceding claims, further comprising: 

profile data analysis means operable to identify, in stored profile data, information 
likely to compromise user anonymity. 

10. An apparatus according to Claim 9, wherein the profile data analysis means are 
20 operable, on identifying information likely to compromise user anonymity, to generate a 

warning message. 

11. An apparatus according to Claim 9 or Claim 10, wherein the profile data analysis 
means are operable to compare a type of data stored by a service provider in respect of a 

25 user with a data type to which the user has granted access permission for that service 
provider. 

12. An apparatus according to any one of claims 9 to 11, wherein the profile data 
analysis means are operable to detect distinctive characteristics in stored user profile 

30 data. 

13. An apparatus according to Claim 12, wherein the profile data analysis means are 
operable to detect said distinctive characteristics by comparing data contained in a user's 
profile with data contained in other user profiles. 
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14. An apparatus according to Claim 12, wherein the profile data analysis means are 
operable to detect said distinctive characteristics by comparing data contained in a user's 
profile with predetermined data characteristics stored in a reference store. 

5 15. An apparatus according to any one of the preceding claims, wherein said identity 
management means is arranged to allocate a different pseudo-identifier in respect of a 
user in respect of each of a plurality of different service providers. 

16. An apparatus substantially as hereinbefore described with reference to the 
1 0 accompanying drawings. 



